Software Security: Challenges and Solutions

Relatore:  Yuan Xiang Gu - Cloakware, Canada
  lunedì 15 settembre 2008 alle ore 12.00

In today’s digital world, the need for software protection is reaching its height. In application areas such as video or music, Digital Rights Management (DRM) systems are being deployed to protect the high-value content. The discovery of root keys in the system can cause a breach of
valuable content; or worse, the breach can cause the release of automated exploits to release any content. In Conditional Access Systems (CAS), satellite or cable service providers are constantly bombarded by new attacks. These attacks proliferate in our connected world, and can destroy a company’s valuable subscription stream. In enterprise systems, the network is guarded by sets of password systems, often through hard-coded scripts. Client and server software modules become at risk to both outsider and insider attacks.

Data in-transit is only part of the security problem. The more prevalent situation is when software executes in a hostile environment, where attackers have large amounts of time and resources to spend on attacks. Hardware protection can play a part, but usually software is still needed for flexibility, upgrades, and cost effective revisions. In often circumstances, it is important to perform key management, revision and revocation control all in software. How then can a distributor of software be sure that the software is robust and is not subject to attack? Frequently, the platform and software are also at full disposal to an attacker with plenty of time and resources including tools and all the experts on the web. This attack landscape is often termed a white-box environment, where all the content is in plain sight – the opposite of a black-box environment.

A strong defense for white-box attacks can be achieved through effective technology developed by Cloakware, an Irdeto company, that is the security solutions provider that makes security inseparable from the software it protects. From applications and databases in corporate datacenters, to PCs and consumer devices such as mobile phones and set-top boxes, software applications need to protect themselves from unauthorized user access and tampering. Cloakware's patented, layered, and compliance-driven approach to software self-protection delivers the trusted environment that the government, enterprise and consumer markets require. Cloakware's software security solutions protect more than one billion shipped applications and the assets of some of the world's largest, most recognizable and technologically advanced companies.

Short Biography di Yuan Xiang Gu
Yuan Xiang Gu is a co-founder of Cloakware and co-inventor of Cloakware’s software security technology. As Cloakware’s chief architect, Yuan is responsible for product architecture as well as technology development and evolution. He and his co-inventors have been granted six U.S patents and have a number of patents pending.  He has worked in several senior management positions in Cloakware including vice president of technology development and engineering.
Prior to joining Cloakware, Yuan was a senior scientist and architect at Nortel Networks, focusing on object-oriented languages, software environments, compiler technology, intelligent network technologies, computer security and software protection. Previously, Yuan was a visiting professor at the Computer Science School of McGill University, where his research interests included language-oriented environments and design and implementation of parallel languages and systems. Yuan was a professor in the Computer Science Department at Northwestern University in China, where he worked on software engineering, programming languages, compilers, operating systems and artificial intelligence. A recipient of the First Outstanding Young Scientists Foundation Award from the Chinese Academy of Sciences, Yuan has over three decades of software research and development knowledge and expertise, and has published over 50 papers.

Roberto Giacobazzi

Data pubblicazione
15 settembre 2008

Offerta formativa